32 #include <xercesc/dom/DOM.hpp>
33 #include <xercesc/parsers/XercesDOMParser.hpp>
35 #include <xsec/canon/XSECC14n20010315.hpp>
36 #include <xsec/dsig/DSIGConstants.hpp>
40 using namespace digidoc;
60 dsig::SignedInfoType signedInfo(xml_schema::Uri(URI_ID_C14N_NOC), xml_schema::Uri(URI_ID_RSA_SHA1));
63 digidoc::dsig::SignatureValueType signatureValue;
64 signatureValue.id(nr +
"-SIG");
67 signature =
new dsig::SignatureType(signedInfo, signatureValue);
71 xades::SignedSignaturePropertiesType signedSignatureProperties;
74 xades::SignedPropertiesType signedProperties(signedSignatureProperties);
75 signedProperties.id(nr +
"-SignedProperties");
78 xades::QualifyingPropertiesType qualifyingProperties(
"#" + nr);
79 qualifyingProperties.signedProperties(signedProperties);
82 dsig::ObjectType object;
83 object.qualifyingProperties().push_back(qualifyingProperties);
102 xml_schema::Properties properties;
103 properties.schema_location(XADES_NAMESPACE,
Conf::getInstance()->getXadesXsdPath());
105 signature = dsig::signature(path, xml_schema::Flags::dont_initialize, properties).release();
107 catch(
const xml_schema::Parsing&
e)
111 catch(
const xsd::cxx::exception& e)
137 const std::vector<unsigned char> &digestValue,
const std::string& type)
throw(
SignatureException)
139 dsig::DigestMethodType method(xml_schema::Uri(digestUri.c_str()));
140 dsig::DigestValueType
value(xml_schema::Base64Binary(&digestValue[0], digestValue.size()));
141 digidoc::dsig::ReferenceType reference(method, value);
142 reference.uRI(xml_schema::Uri(uri));
144 reference.type(type);
145 signature->signedInfo().reference().push_back(reference);
157 DEBUG(
"digidoc::Signature::setSigningCertificate()");
160 dsig::KeyInfoType keyInfo;
163 std::vector<unsigned char> rsaModulus = x509.
getRsaModulus();
164 dsig::RSAKeyValueType::ModulusType modulus(xml_schema::Base64Binary(&rsaModulus[0], rsaModulus.size()));
166 dsig::RSAKeyValueType::ExponentType exponent(xml_schema::Base64Binary(&rsaExponent[0], rsaExponent.size()));
168 dsig::KeyValueType keyValue;
169 keyValue.rSAKeyValue(dsig::RSAKeyValueType(modulus, exponent));
170 keyInfo.keyValue().push_back(keyValue);
174 std::vector<unsigned char> derEncodedX509 = x509.
encodeDER();
175 dsig::X509DataType x509Data;
176 x509Data.x509Certificate().push_back(xml_schema::Base64Binary(&derEncodedX509[0], derEncodedX509.size()));
177 keyInfo.x509Data().push_back(x509Data);
179 signature->keyInfo(keyInfo);
184 std::auto_ptr<Digest> digest(
new Digest());
185 digest->
update(derEncodedX509);
186 dsig::DigestMethodType digestMethod(xml_schema::Uri(digest->
getUri()));
187 dsig::DigestValueType digestValue(xml_schema::Base64Binary(&digest->
getDigest()[0], digest->
getSize()));
188 xades::DigestAlgAndValueType certDigest(digestMethod, digestValue);
192 xades::SignedSignaturePropertiesType::SigningCertificateType::CertType _cert(certDigest, issuerSerial);
194 xades::CertIDListType signingCertificate;
195 signingCertificate.cert().push_back(_cert);
197 signature->object()[0].qualifyingProperties()[0].signedProperties()
198 ->signedSignatureProperties().signingCertificate(signingCertificate);
210 xades::SignatureProductionPlaceType signatureProductionPlace;
211 signatureProductionPlace.city(spp.
city);
213 signatureProductionPlace.postalCode(spp.
postalCode);
214 signatureProductionPlace.countryName(spp.
countryName);
216 signature->object()[0].qualifyingProperties()[0].signedProperties()
217 ->signedSignatureProperties().signatureProductionPlace(signatureProductionPlace);
230 xades::ClaimedRolesListType claimedRoles;
231 for(std::vector<std::string>::const_iterator iter = roles.
claimedRoles.begin(); iter != roles.
claimedRoles.end(); iter++)
233 claimedRoles.claimedRole().push_back(*iter);
236 xades::SignerRoleType signerRole;
237 if(!claimedRoles.claimedRole().empty())
239 signerRole.claimedRoles(claimedRoles);
240 signature->object()[0].qualifyingProperties()[0].signedProperties()
241 ->signedSignatureProperties().signerRole(signerRole);
252 signature->object()[0].qualifyingProperties()[0].signedProperties()
253 ->signedSignatureProperties().signingTime(signingTime);
263 dsig::SignatureValueType signatureValue(xml_schema::Base64Binary(sigValue.
signature, sigValue.
length));
266 std::string id(signature->signatureValue().id()->c_str());
269 signature->signatureValue(signatureValue);
272 signature->signatureValue().id(
id);
280 dsig::SignatureType::SignatureValueType signatureValueType = signature->signatureValue();
282 std::vector<unsigned char> signatureValue(signatureValueType.size(), 0);
283 memcpy(&signatureValue[0], signatureValueType.data(), signatureValueType.size());
285 return signatureValue;
311 std::auto_ptr<xercesc::XercesDOMParser> parser(
new xercesc::XercesDOMParser());
312 parser->setValidationScheme(xercesc::XercesDOMParser::Val_Always);
313 parser->setDoNamespaces(
true);
325 parser->parse(tmp.c_str());
328 parser->parse(path.c_str());
329 xercesc::DOMNode* domnode = parser->getDocument()->cloneNode(
true);
330 std::auto_ptr<xercesc::DOMDocument> dom(static_cast<xercesc::DOMDocument*>(domnode));
333 xercesc::ArrayJanitor<XMLCh> tagNs(xercesc::XMLString::transcode(ns.c_str()));
334 xercesc::ArrayJanitor<XMLCh> tag(xercesc::XMLString::transcode(tagName.c_str()));
335 xercesc::DOMNodeList* nodeList = dom->getElementsByTagNameNS(tagNs.get(), tag.get());
338 if((nodeList == NULL) || (nodeList->getLength() < 1))
340 THROW_SIGNATUREEXCEPTION(
"Could not find '%s' node which is in '%s' namespace in signature XML.", tagName.c_str(), ns.c_str());
343 if(nodeList->getLength() > 1)
345 THROW_SIGNATUREEXCEPTION(
"Found %d '%s' nodes which are in '%s' namespace in signature XML, can not calculate digest on XML node.",
346 nodeList->getLength(), tagName.c_str(), ns.c_str());
350 XSECC14n20010315 canonicalizer(dom.get(), nodeList->item(0));
351 canonicalizer.setCommentsProcessing(
false);
352 canonicalizer.setUseNamespaceStack(
true);
355 dsig::SignedInfoType& signedInfo = signature->signedInfo();
356 dsig::CanonicalizationMethodType& canonMethod = signedInfo.canonicalizationMethod();
357 dsig::CanonicalizationMethodType::AlgorithmType& algorithmType = canonMethod.algorithm();
359 DEBUG(
"C14N algorithmType = '%s'", algorithmType.c_str());
362 if(algorithmType == URI_ID_C14N_NOC) {
364 }
else if(algorithmType == URI_ID_C14N_COM) {
365 canonicalizer.setCommentsProcessing(
true);
366 }
else if(algorithmType == URI_ID_EXC_C14N_NOC) {
369 canonicalizer.setExclusive((
char*)
"ds");
370 #ifdef URI_ID_C14N11_NOC
371 }
else if(algorithmType == URI_ID_C14N11_NOC) {
372 canonicalizer.setInclusive11();
373 }
else if(algorithmType == URI_ID_C14N11_COM) {
374 canonicalizer.setInclusive11();
375 canonicalizer.setCommentsProcessing(
true);
382 std::vector<unsigned char> c14n;
383 unsigned char buffer[1024];
384 xsecsize_t bytes = 0;
385 while((bytes = canonicalizer.outputBuffer(buffer, 1024)) > 0)
387 calc->update(buffer, (
unsigned int)bytes);
388 c14n.insert(c14n.end(), buffer[0], size_t(bytes));
390 DEBUG(
"c14n = '%s'", std::string(reinterpret_cast<char*>(&c14n[0]), 0, c14n.size()).c_str());
392 return calc->getDigest();
398 catch(
const xercesc::XMLException& e )
400 xercesc::ArrayJanitor<char> msg(xercesc::XMLString::transcode(e.getMessage()));
403 catch(
const xercesc::DOMException& e )
405 xercesc::ArrayJanitor<char> msg(xercesc::XMLString::transcode(e.getMessage()));
412 return std::vector<unsigned char>();
441 DEBUG(
"Serializing XML to '%s'", path.c_str());
446 xml_schema::NamespaceInfomap map;
447 map[
"ds"].name = URI_ID_DSIG;
448 map[
"xades"].name = XADES_NAMESPACE;
449 dsig::signature(ofs, *signature, map);
451 catch ( xsd::cxx::xml::invalid_utf8_string )
453 THROW_IOEXCEPTION(
"Failed to create signature XML file. Parameters must be in UTF-8." );
469 const xades::SignedSignaturePropertiesType& signedSigProps = getSignedSignatureProperties();
470 const xades::SignedSignaturePropertiesType::SignatureProductionPlaceOptional& sigProdPlaceOptional =
471 signedSigProps.signatureProductionPlace();
472 if ( !sigProdPlaceOptional.present() )
473 return productionPlace;
474 const xades::SignatureProductionPlaceType& sigProdPlace = sigProdPlaceOptional.get();
475 if ( sigProdPlace.city().present() )
476 productionPlace.
city = sigProdPlace.city().get();
477 if ( sigProdPlace.stateOrProvince().present() )
478 productionPlace.
stateOrProvince = sigProdPlace.stateOrProvince().get();
479 if ( sigProdPlace.postalCode().present() )
480 productionPlace.
postalCode = sigProdPlace.postalCode().get();
481 if ( sigProdPlace.countryName().present() )
482 productionPlace.
countryName = sigProdPlace.countryName().get();
483 return productionPlace;
495 const xades::SignedSignaturePropertiesType& signedSigProps =
496 getSignedSignatureProperties();
498 const xades::SignedSignaturePropertiesType::SignerRoleOptional& roleOpt =
499 signedSigProps.signerRole();
500 if ( !roleOpt.present() )
502 const xades::SignerRoleType& signerRole = roleOpt.get();
504 const xades::SignerRoleType::ClaimedRolesOptional& claimedRoleOpt = signerRole.
claimedRoles();
505 if ( !claimedRoleOpt.present() )
508 const xades::ClaimedRolesListType& claimedRolesList = claimedRoleOpt.get();
510 const xades::ClaimedRolesListType::ClaimedRoleSequence& claimedRolesSequence =
511 claimedRolesList.claimedRole();
512 for ( xades::ClaimedRolesListType::ClaimedRoleSequence::const_iterator itRoles =
513 claimedRolesSequence.begin(); itRoles != claimedRolesSequence.end(); itRoles++ )
527 const xades::SignedSignaturePropertiesType& signedSigProps = getSignedSignatureProperties();
528 const xades::SignedSignaturePropertiesType::SigningTimeOptional& sigTimeOpt =
529 signedSigProps.signingTime();
530 if ( !sigTimeOpt.present() )
532 const xades::SignedSignaturePropertiesType::SigningTimeType& sigTime = sigTimeOpt.get();
545 const dsig::X509DataType::X509CertificateType& data = getSigningX509CertificateType();
548 return X509Cert(std::vector<unsigned char>(data.data(), data.data()+data.size()));
564 return signature->id().get();
574 return signature->signedInfo().signatureMethod().algorithm();
586 dsig::SignatureType::KeyInfoOptional& keyInfoOptional = signature->keyInfo();
587 if ( !keyInfoOptional.present() )
589 dsig::KeyInfoType& keyInfo = keyInfoOptional.get();
592 dsig::KeyInfoType::X509DataSequence& x509DataSeq = keyInfo.x509Data();
593 if ( x509DataSeq.empty() )
595 else if ( x509DataSeq.size() != 1 )
597 dsig::X509DataType& x509Data = x509DataSeq.front();
600 dsig::X509DataType::X509CertificateSequence& x509CertSeq = x509Data.x509Certificate();
601 if ( x509CertSeq.empty() )
603 else if ( x509CertSeq.size() != 1 )
605 dsig::X509DataType::X509CertificateType& certBase64Buf = x509CertSeq.front();
607 return certBase64Buf;
616 digidoc::xades::SignedSignaturePropertiesType&
620 dsig::SignatureType::ObjectSequence& os = signature->object();
623 else if ( os.size() != 1 )
625 dsig::ObjectType& o = os[0];
628 dsig::ObjectType::QualifyingPropertiesSequence& qpSeq = o.qualifyingProperties();
631 else if ( qpSeq.size() != 1 )
633 xades::QualifyingPropertiesType& qp = qpSeq[0];
636 xades::QualifyingPropertiesType::SignedPropertiesOptional& signedPropsOptional =
637 qp.signedProperties();
638 if ( !signedPropsOptional.present() )
640 xades::SignedPropertiesType& signedProps = qp.signedProperties().get();
643 xades::SignedSignaturePropertiesType& signedSigProps =
644 signedProps.signedSignatureProperties();
646 return signedSigProps;